MasterCard Looks to Crack Down on Phishing

Updated: MasterCard is teaming up with digital fraud protection company NameProtect to help shut down online scams.

As part of a continuing effort to halt the exploding online crime of phishing, MasterCard International Inc. on Tuesday announced that it is establishing a program to help eliminate the Web-based card-swapping rings and phony Web sites that are the tools of the trade for online scammers.

Under an agreement with NameProtect Inc., the card issuer will get immediate intelligence reports from NameProtect when new phishing sites or scams are launched. MasterCard, in turn, plans to forward that data on to law enforcement authorities, such as the Secret Service and FBI, which investigate online fraud. MasterCard also will send these alerts to all of its member financial institutions, which will be able to use it to warn consumers about the new schemes.

Phishing is the fastest growing form of online fraud and many schemes use real logos from MasterCard, banks or sites such as eBay or PayPal to make the pleas appear legitimate. Most of the phishing attempts involve an e-mail message that asks the recipient to either enter bank-account or credit-card information into a malicious Web site under the guise of a security check or site update.

The sites often have realistic-looking URLs that include the name of the site theyre impersonating, making it all the more difficult for unwary consumers to differentiate between real and spoofed sites. Phishing has become a major concern for banks and credit-card issuers, which end up footing the bill when a criminal runs up unauthorized charges on a stolen credit card.

"This is a major concern for us. We want to make sure the trust relationship remains between the consumer and the financial institution," said Sergio Pinon, senior vice president of global security and risk services at MasterCard, in Purchase, N.Y.


For insights on security coverage around the Web, check out Security Center Editor Larry Seltzers Weblog.

NameProtect, based in Madison, Wis., uses a proprietary Web crawler to search Web pages, spam messages, newsgroups, chat rooms and other sources for signs of illegal activity. The company also monitors domain registrations to flag entries that appear to be trying to spoof a legitimate URL.

MasterCard, based in Purchase, N.Y., and its rival Visa have both been aggressive in trying to curtail identity theft and online fraud. Both organizations have initiatives aimed at catching suspicious activity on consumers accounts and have also been involved in anti-phishing efforts.

Editors Note: This story was updated to include information and comments from a MasterCard official.


Check out eWEEK.coms Security Center at for the latest security news, reviews and analysis.


Be sure to add our developer and Web services news feed to your RSS newsreader or My Yahoo page